Exam Details

  • Exam Code: CS0-002
  • Exam Name: CompTIA Cybersecurity Analyst (CySA+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1059 Q&As
  • Last Updated: Apr 09, 2025

CompTIA Certifications CS0-002 Questions & Answers

  • Question 861:

    A hybrid control is one that:

    A. is implemented differently on individual systems

    B. is implemented at the enterprise and system levels

    C. has operational and technical components

    D. authenticates using passwords and hardware tokens

  • Question 862:

    A cybersecurity analyst is supporting an incident response effort via threat intelligence. Which of the following is the analyst MOST likely executing?

    A. Requirements analysis and collection planning

    B. Containment and eradication

    C. Recovery and post-incident review

    D. Indicator enrichment and research pivoting

  • Question 863:

    The inability to do remote updates of certificates, keys, software, and firmware is a security issue commonly associated with:

    A. web servers on private networks

    B. HVAC control systems

    C. smartphones

    D. firewalls and UTM devices

  • Question 864:

    When attempting to do a stealth scan against a system that does not respond to ping, which of the following Nmap commands BEST accomplishes that goal?

    A. nmap -sA -O -noping

    B. nmap -sT -O -P0

    C. nmap -sS -O -P0

    D. nmap -sQ -O -P0

  • Question 865:

    A team of security analysts has been alerted to potential malware activity. The initial examination indicates one of the affected workstations is beaconing on TCP port 80 to five IP addresses and attempting to spread across the network over port 445. Which of the following should be the team's NEXT step during the detection phase of this response process?

    A. Escalate the incident to management, who will then engage the network infrastructure team to keep them informed.

    B. Depending on system criticality, remove each affected device from the network by disabling wired and wireless connections.

    C. Engage the engineering team to block SMB traffic internally and outbound HTTP traffic to the five IP addresses.

    D. Identify potentially affected systems by creating a correlation search in the SIEM based on the network traffic.
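The correlation search that option D describes, as an added example (not part of the exam page or of any vendor product): a small SIEM-style search over constructed flow records that scores every source host on two patterns from the scenario, regular TCP/80 beaconing to the five external addresses and TCP/445 fan-out to many internal hosts. The C2 addresses, the 10.0.1.0/24 "internal" range, the timestamps and the thresholds are all constructed assumptions for illustration.

```python
"""Added example: a correlation search for the Question 865 scenario.

Input is a constructed flow log, one record per line:
    <epoch> <src> <dst> <dport> <proto>
Output is {src_host: [findings]} where findings are
    "beaconing"  - TCP/80 connections to the C2 set at near-constant intervals
    "smb_fanout" - TCP/445 connections to many distinct internal hosts
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed indicator set standing in for the five addresses from the
# scenario (RFC 5737 documentation range; not real C2 infrastructure).
C2_IPS = {"203.0.113.10", "203.0.113.11", "203.0.113.12",
          "203.0.113.13", "203.0.113.14"}

# Constructed flow log (assumption: 10.0.0.0/8 is the internal network).
# 10.0.1.5 beacons every 60 s and touches six hosts on 445 (the known victim);
# 10.0.1.9 beacons every 300 s but has not spread yet; 10.0.1.7 is benign.
SAMPLE_FLOWS = """\
1700000000 10.0.1.5 203.0.113.10 80 tcp
1700000060 10.0.1.5 203.0.113.11 80 tcp
1700000120 10.0.1.5 203.0.113.12 80 tcp
1700000180 10.0.1.5 203.0.113.13 80 tcp
1700000240 10.0.1.5 203.0.113.14 80 tcp
1700000010 10.0.1.5 10.0.1.20 445 tcp
1700000011 10.0.1.5 10.0.1.21 445 tcp
1700000012 10.0.1.5 10.0.1.22 445 tcp
1700000013 10.0.1.5 10.0.1.23 445 tcp
1700000014 10.0.1.5 10.0.1.24 445 tcp
1700000015 10.0.1.5 10.0.1.25 445 tcp
1700000020 10.0.1.9 203.0.113.10 80 tcp
1700000320 10.0.1.9 203.0.113.12 80 tcp
1700000620 10.0.1.9 203.0.113.14 80 tcp
1700000920 10.0.1.9 203.0.113.11 80 tcp
1700000500 10.0.1.9 10.0.1.20 445 tcp
1700000030 10.0.1.7 198.51.100.5 80 tcp
1700000035 10.0.1.7 10.0.1.30 445 tcp
"""


def parse_flows(text):
    """Parse flow lines into (epoch, src, dst, dport, proto); skip malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, dport, proto = parts
        flows.append((int(ts), src, dst, int(dport), proto.lower()))
    return flows


def is_regular(timestamps, min_count, max_cv):
    """True when connections recur at near-constant intervals (beacon-like).

    Regularity is measured as the coefficient of variation of the gaps
    between consecutive connections; a scripted beacon has a small CV,
    interactive browsing does not.
    """
    if len(timestamps) < min_count:
        return False
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    if avg <= 0:
        return False
    return pstdev(gaps) / avg <= max_cv


def correlate(flow_text, c2_ips, min_beacons=3, max_cv=0.2, min_smb_fanout=5):
    """Return {src_host: sorted findings} for hosts matching either pattern."""
    c2_times = defaultdict(list)    # src -> timestamps of TCP/80 to the C2 set
    smb_targets = defaultdict(set)  # src -> distinct internal TCP/445 destinations
    for ts, src, dst, dport, proto in parse_flows(flow_text):
        if proto != "tcp":
            continue
        if dport == 80 and dst in c2_ips:
            c2_times[src].append(ts)
        elif dport == 445 and dst.startswith("10."):  # assumption: internal range
            smb_targets[src].add(dst)

    findings = defaultdict(list)
    for src, times in c2_times.items():
        if is_regular(times, min_beacons, max_cv):
            findings[src].append("beaconing")
    for src, targets in smb_targets.items():
        if len(targets) >= min_smb_fanout:
            findings[src].append("smb_fanout")
    return {host: sorted(f) for host, f in findings.items()}


if __name__ == "__main__":
    for host, hits in sorted(correlate(SAMPLE_FLOWS, C2_IPS).items()):
        print(host, ", ".join(hits))
```

The point of the scoring is that the search finds the second host (10.0.1.9) that the initial examination missed: it has the same beacon cadence but has not yet touched SMB, so a search keyed only on port 445 fan-out would not have scoped it in.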

  • Question 866:

    The help desk provided a security analyst with a screenshot of a user's desktop:

    For which of the following is aircrack-ng being used?

    A. Wireless access point discovery

    B. Rainbow attack

    C. Brute-force attack

    D. PCAP data collection

  • Question 867:

    After receiving reports of latency, a security analyst performs an Nmap scan and observes the following output:

    Which of the following suggests the system that produced the output was compromised?

    A. Secure Shell is operating on a nonstandard port on this system.

    B. There are no indicators of compromise on this system.

    C. MySQL service is identified on a standard PostgreSQL port.

    D. Standard HTTP is open on the system and should be closed.
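The check behind option C, as an added example (not part of the exam page, and the scan output below is constructed, not the missing screenshot): a parser for the `PORT STATE SERVICE VERSION` table that `nmap -sV` prints, with a small hand-maintained map of well-known ports, that flags an open port whose fingerprinted service does not match the port (MySQL answering on 5432) and, the converse case, a known service answering on a port it does not normally use (SSH on 2222). The port map is an assumption for illustration, not the IANA registry. One practical caveat when reproducing the scan from Question 864: current Nmap spells the "skip host discovery" option `-Pn`; `-P0` is kept only as a deprecated alias.

```python
"""Added example: flag service/port mismatches in nmap -sV output."""
import re
from collections import defaultdict

# Matches lines such as "5432/tcp open  mysql  MySQL 5.7.33"; the header
# line and any notes nmap prints are skipped because they do not match.
NMAP_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

# Assumption: a small well-known-port map maintained by hand for the example.
EXPECTED_SERVICE = {
    22: {"ssh"},
    80: {"http"},
    443: {"https", "ssl/http"},
    3306: {"mysql"},
    5432: {"postgresql"},
}

# Constructed nmap -sV output for a host that "produced latency".
SAMPLE_NMAP = """\
Starting Nmap 7.94 ( https://nmap.org )
PORT     STATE SERVICE    VERSION
22/tcp   open  ssh        OpenSSH 7.4 (protocol 2.0)
80/tcp   open  http       Apache httpd 2.4.6
443/tcp  open  ssl/http   Apache httpd 2.4.6
2222/tcp open  ssh        OpenSSH 8.2 (protocol 2.0)
5432/tcp open  mysql      MySQL 5.7.33
8080/tcp closed http-proxy
"""


def parse_nmap(text):
    """Parse the port table into dicts; lines that are not port rows are ignored."""
    rows = []
    for line in text.splitlines():
        m = NMAP_LINE.match(line.strip())
        if not m:
            continue
        port, proto, state, service, version = m.groups()
        rows.append({"port": int(port), "proto": proto, "state": state,
                     "service": service, "version": version or ""})
    return rows


def find_mismatches(text, expected=EXPECTED_SERVICE):
    """Return one string per open port whose service is out of place.

    Two cases are reported:
      * a well-known port serving something else ("5432/tcp mysql (expected postgresql)")
      * a well-known service on an unexpected port ("2222/tcp ssh (normally on 22)")
    """
    known_ports = defaultdict(set)  # service name -> ports it normally uses
    for port, names in expected.items():
        for name in names:
            known_ports[name].add(port)

    out = []
    for row in parse_nmap(text):
        if row["state"] != "open":
            continue
        exp = expected.get(row["port"])
        if exp and row["service"] not in exp:
            out.append(f"{row['port']}/{row['proto']} {row['service']} "
                       f"(expected {'/'.join(sorted(exp))})")
        elif not exp and row["service"] in known_ports:
            ports = ",".join(str(p) for p in sorted(known_ports[row["service"]]))
            out.append(f"{row['port']}/{row['proto']} {row['service']} "
                       f"(normally on {ports})")
    return out


if __name__ == "__main__":
    for finding in find_mismatches(SAMPLE_NMAP):
        print(finding)
```

A mismatch is an indicator worth pulling the host for, not proof of compromise on its own: a database team may have moved MySQL deliberately, so the finding should be checked against the asset inventory before the incident process is started.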

  • Question 868:

    A security analyst discovers a vulnerability on an unpatched web server that is used for testing machine learning on Big Data sets. Exploitation of the vulnerability could cost the organization $1.5 million in lost productivity. The server is located on an isolated network segment that has a 5% chance of being compromised. Which of the following is the value of this risk?

    A. $75,000

    B. $300,000

    C. $1.425 million

    D. $1.5 million

  • Question 869:

    An organization has not had an incident for several months. The Chief Information Security Officer (CISO) wants to move to a proactive stance for security investigations. Which of the following would BEST meet that goal?

    A. Root-cause analysis

    B. Active response

    C. Advanced antivirus

    D. Information-sharing community

    E. Threat hunting

  • Question 870:

    A company wants to establish a threat-hunting team. Which of the following BEST describes the rationale for integrating intelligence into hunt operations?

    A. It enables the team to prioritize the focus areas and tactics within the company's environment.

    B. It provides criticality analyses for key enterprise servers and services.

    C. It allows analysts to receive updates on newly discovered software vulnerabilities.

    D. It supports rapid response and recovery during and following an incident.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CS0-002 exam preparation or your CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.